December 11, 2019

Day #15 recaptcha and a detour

Topher @toadally

Today was the first day that went sideways.

I blocked off an hour to implement recaptcha. An hour seemed sufficient, it’s not a complicated process – generate a hash on the client, pass it to the server, then POST it to Google for verification. And, if that’s all I needed to do, it would have been sufficient – more than sufficient even.

But it wasn’t.

The idea behind FormCaster is that no code is necessary on the user’s site. That means the recaptcha needs to be on an interstitial page. I knew that, no big deal. Except that I’ve had a bit of scope creep since the inception of the project.

I had not originally planned on allowing file uploads. Now that file uploads are supported for forms on the paid plan, storing the data on the client during the interstitial page visit and captcha confirmation is no longer viable.

So to support both recaptcha and file uploads, I had to rewrite the form handler. Forms are now submitted immediately, blindly, prior to recapcha being passed or failed. Upon pass, the form submission is marked as clean and files are moved to their proper destination. If a submission fails, it’s deleted from the database, and any files uploaded are also removed.

Now, blindly accepting form submissions from anywhere is obviously a terrible idea. So tomorrow I’ll need to implement some for of rate limiting, and I may fork processing, with uploads containing a file being handled one way, and files another. We shall see.

You’ve got thoughts, right? Bring them to the group!

Loading comments...